Security protection on Google Chrome

  • Question

  • Hi,

    I am trying to research Google Chrome security. I tried various methods, including PE injection; Google Chrome prevented it. Any idea or link that can give me ideas on how to perform injection into Google Chrome?

    Why am I doing this Security Research?

    As this thread is suspicious, I want to give a valid reason behind this question: it can be used as a process to act as a Network Communication Hub? As a lot of applications, such as uTorrent, use these types of methods to communicate without having a digitally signed certificate.

    Monday, October 14, 2013 4:16 PM

All replies

  • Hi,

    Google Chrome is not too difficult to inject into, although I strongly advise you against this, as doing so can cause injection failures (if performing a code injection) if any structures are left uninitialized; moreover, AV will flag your application as "Malware" through their heuristic engines.

    As for technical details, visit my blog: [Removed]

    Do be aware that even performing a DLL injection into an application such as Google Chrome's process/memory space can result in failure, even with DLL injection (the most stable method), as these techniques vary with the version.

    The general rule of thumb for this is: the older the better, the newer the harder. If there is a newer version of Google Chrome which patched this, it is bound to fail. It all boils down to the technique you use. To wrap this up, buying a certificate is more or less easier than using techniques which have fifty-fifty chances of success.

    Snippet of DLL Injection method:

    // Rohan Vijjhalwar - MSDN
    #include <Windows.h>

    int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow){
        char ie[MAX_PATH];
        char dll[MAX_PATH];
        GetEnvironmentVariable("programfiles", ie, sizeof(ie));
        strcat(ie, "\\Gcogle\\Chrome\\Application\\chrome.exe");
        strcpy(dll, lpCmdLine);
        STARTUPINFO si;
        PROCESS_INFORMATION pi;
        ZeroMemory(&si, sizeof(si));
        ZeroMemory(&pi, sizeof(pi));
        CreateProcess(NULL, ie, NULL, NULL, false, 0, NULL, NULL, &si, &pi);
        HANDLE baseAddress = VirtualAllocEx(pi.hProcess, NULL, 256, MEM_COMMIT, PAGE_READWRITE);
        WriteProcessMemory(pi.hProcess, baseAddress, dll, sizeof(dll), NULL);
        CreateRemoteThread(pi.hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle("kernel32"), "LoadLibraryA"), baseAddress, 0, NULL);
        Sleep(100);
        TerminateThread(pi.hThread, 0);
        return 0;
    }

    Until Next Time,

    Rohan Vijjhalwar

    • Proposed as answer by RRohanR Monday, October 14, 2013 4:27 PM
    • Edited by RRohanR Saturday, February 7, 2015 2:25 PM
    Monday, October 14, 2013 4:26 PM